Since Windows 8 RP is out, I've completely migrated to Mint and overall, it covers all the use cases I need perfectly.

Except one. Sometimes I need to help someone fix a Windows based PC at home, and I need to connect to that machine remotely.

Is there a way to use such a system? The best scenario would be if I could ssh into a local server at home, and then use that server to connect to Windows PCs that are on that network, but not open to the whole internet. This way I would have one open port, set up a safe ssh connection with some certificates probably, and then I could help to fix any of the family computers remotely without opening all of them through the firewall.

Is there a way to set up my network like that? How can you RDC into a Windows PC without Windows?

Also, what do I need to do to create a secure ssh endpoint? Only open 1 port, or is there some additional configuration necessary?

It's not free, but GoToMyPC has a Linux client that can connect to a Windows host PC. I've used it (all Win) for years so that I can do things at work on the home computer that might not pass muster with the office nanny-bot (mostly Flash-related as our boffins hate to upgrade Flash).

Never ask a woman who is eating ice cream straight from the carton how she's doing.

We use the RDC client in openSUSE to connect to my dad's work PC (Windows) all the time. But the target PC has to have at least Windows 7 Pro. I heard this advertised on Leo Laporte. It's not free of course. And would only be worth it if it brought in revenue. http://www.gotoassist.com/remote_support/

I will be using Mint. The Linux server with ssh port forwarded through firewall is probably going to be Ubuntu server or even Debian. The PCs at home can differ. IIRC, there is an XP PC, Win 7 (maybe home), and a Win 7 Pro version.

I will be setting up the infrastructure, Linux server, router config, wiring. But I don't want to set up each PC/Laptop with different software as of now.

If you are doing this in an interactive manner (meaning there is somebody on the other computer who can do basic stuff) then the Chrome web browser has a pretty nifty remote desktop extension that is easy to use and traverses firewalls nicely too: https://chrome.google.com/webstore/deta ... ihenigjmpp

It is very cross-platform friendly (works fine on Chromium under Linux), and is free.

To RDP to a Windows box, you would use rdesktop. The drawback is that Remote Assistance won't work, but aside from that, it works well. I usually use rdesktop -g 1024x768 -P0 -u username -d domain -p - 9.9.9.9 to connect to single Windows boxes.

I do this all the time. On Ubuntu it is called "Terminal Server Client" (RDP protocol is a descendant of Windows Terminal Server protocol).

You just need to have a way of SSHing into the remote network. Use the -L option on the SSH client to forward any local port above 1024 to port 3389 on the target Windows PC, and tell the Terminal Server Client to connect to localhost:port#.

Alternatively, you can install VNC clients on the Windows PCs, and do a similar thing using a VNC client on your end.

For added security, set up the SSH server to listen on a non-standard high-numbered port and/or configure it to require key-based authentication.

The years just pass like trains. I wave, but they don't slow down.-- Steven Wilson
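
An added example (not part of the original posts): a shell check that reads an sshd_config and reports whether it really enforces the key-only logins suggested above. The sample configuration is constructed; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: does this sshd_config text enforce key-only logins?
# Limits (assumptions): Include files and Match blocks are not evaluated.

# effective_value 'Keyword|Alias' DEFAULT   (config text on stdin)
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
effective_value() {
    awk -v keys="^($(printf '%s' "$1" | tr 'A-Z' 'a-z'))\$" -v def="$2" '
        /^[ \t]*#/ || NF == 0  { next }                # comments and blanks
        { sub(/[ \t]*=[ \t]*/, " ") }                  # accept "Key=value"
        tolower($1) == "match" { exit }                # conditional section
        tolower($1) ~ keys     { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# audit_sshd_config (config text on stdin): prints findings, returns their count
audit_sshd_config() {
    cfg=$(cat); findings=0
    val() { printf '%s\n' "$cfg" | effective_value "$1" "$2"; }
    if [ "$(val PubkeyAuthentication yes)" != yes ]; then
        echo "FAIL: public-key authentication is disabled"
        findings=$((findings + 1))
    fi
    if [ "$(val PasswordAuthentication yes)" != no ]; then
        echo "FAIL: password authentication is allowed"
        findings=$((findings + 1))
    fi
    # ChallengeResponseAuthentication is the older name of the same option
    if [ "$(val 'KbdInteractiveAuthentication|ChallengeResponseAuthentication' yes)" != no ]; then
        echo "FAIL: keyboard-interactive (PAM password) logins are allowed"
        findings=$((findings + 1))
    fi
    echo "INFO: listening port $(val Port 22)"
    return "$findings"
}

# Constructed sample: the first PasswordAuthentication line wins, so the
# later "no" has no effect and password logins stay enabled.
SAMPLE_WEAK='Port 22022
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_config || echo "findings: $?"
```

The non-standard port shows up only as an INFO line, because it changes where the daemon listens and not who can authenticate.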

Both GoToMyPc and TeamViewer have variations of Linux client. They should be easier to use than unnecessarily complicated "custom" solutions. TeamViewer is completely free for "personal use" and has clients for almost every major OS, including Android and iOS clients.

My subscription allows you people to exist on this site and makes me a better human being than you'll ever be

There also is the Remmina GUI which is a connection manager for lots of things including RDP.

You can also add a password to the certs when doing key-based authentication for extra protection. Most people don't because key-based authentication is more of a convenience thing for them, but I would, and do.

Another interesting project related to the issue is Guacamole (http://guac-dev.org/). Guacamole is a web-based RDP/VNC client. You would install it on a webserver and use the webpage to access the remote boxes. There are a couple of videos demonstrating how it works on the website.

Something else you might consider is running a VPN server either on the router or via a server. DD-WRT has the ability to run OpenVPN or it can run an IPSec VPN, and if you're setting up a custom server, it can run whatever you want as long as you can figure out the configs. NeoRouter (http://www.neorouter.com/products.html) is an interesting VPN software that can be run on a custom server. Its feature set is a little bit more fleshed out than OpenVPN, but more people know about OpenVPN.

Running a VPN server, of course, assumes you can install software on your computer, and it might also need a reverse DNS entry. For maximum portability, ssh and/or Guacamole would be better.

The upside of a VPN is it's criminally easy to connect to stuff once it's running correctly. You don't have to mess with port forwarding, just DNS and IPs.

So first command creates an ssh tunnel, and says to forward every packet arriving at localhost at port 3389 through tunnel to internalpcip:3389 (where 3389 is used by RDC). And the second command connects to localhost, or mint box at default 3389 port, but since it's redirected over ssh, packets are sent to debianserver through encrypted ssh, which forwards them automatically to internalpcip:3389.

Yeah, that's basically correct.

The only thing I would maybe change would be to use something other than port 3389 on localhost. That way you can set up a single tunnel that forwards ports to all the systems you want to manage, with a unique local port for each one. E.g. if you have 4 remote PCs you need to access, set up one tunnel that forwards ports 12001 thru 12004 to those PCs:

rdesktop will be run on the local PC, and the GUI will be rendered on the PC that started rdesktop, the Mint PC. The Mint PC and the Windows desktop are the only two things that are doing anything with the RDP connection; everything else is just passing packets around.

Yes, ssh doesn't take a lot of power, so the jump server could be ultra-low power. However, the throughput for a VPN solution is proc bound.
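
An added example (not from any of the posts above) of the single tunnel with one local port per Windows PC that the thread describes: it builds the ssh command line, binds each forward to loopback, and rejects unusable port ranges. The user name `admin` and the 192.168.1.x addresses are constructed placeholders; `debianserver` and ports 12001 to 12004 follow the thread.

```shell
#!/bin/sh
# Added example: one ssh tunnel, one loopback port per Windows PC.
RDP_PORT=3389

# forward_args BASE_PORT HOST...  -> prints the -L options for ssh
forward_args() {
    [ $# -ge 2 ] || { echo "usage: forward_args BASE_PORT HOST..." >&2; return 2; }
    port=$1; shift
    case $port in
        ''|*[!0-9]*) echo "base port must be numeric" >&2; return 2 ;;
    esac
    # Local ports above 1024 need no root; the whole range must fit below 65536
    if [ "$port" -le 1024 ] || [ $((port + $# - 1)) -gt 65535 ]; then
        echo "local ports must lie in 1025-65535" >&2; return 2
    fi
    args=
    for host in "$@"; do
        # Bind to 127.0.0.1 so other machines on the client's LAN cannot
        # reach the forwarded RDP port.
        args="$args -L 127.0.0.1:$port:$host:$RDP_PORT"
        port=$((port + 1))
    done
    printf '%s\n' "${args# }"
}

# tunnel_command USER@JUMPHOST BASE_PORT HOST...  -> full ssh command line
tunnel_command() {
    jump=$1; shift
    fwd=$(forward_args "$@") || return 2
    # -N: open no remote shell, forwards only.
    # ExitOnForwardFailure: abort if a local port is already taken instead of
    # silently running without that forward.
    printf 'ssh -N -o ExitOnForwardFailure=yes %s %s\n' "$fwd" "$jump"
}

# Constructed addresses for four PCs behind the jump server
tunnel_command admin@debianserver 12001 \
    192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.14
# With the tunnel up, each PC is reached with e.g.: rdesktop localhost:12001
```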